CVE-2026-46344: liboqs XMSS Out-of-Bounds Read in Signature Verification
liboqs, an open-source cryptographic library implementing post-quantum algorithms, contains a flaw in its XMSS and XMSS^MT signature verification code. When verifying a signature, the code re-parses algorithm metadata from the public key and uses that metadata to determine how many bytes to read from the signature buffer. An attacker can craft a mismatched public key whose metadata claims a larger signature format than the buffer actually contains, causing an out-of-bounds read. While the read data is only used internally for hashing and cannot be stolen, it can crash the verification process if it reaches unmapped memory.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- Weaknesses (CWE)
- CWE-125
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-05-29 / 2026-06-17
NVD description (verbatim)
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a correctly-sized signature buffer for the declared algorithm but a public key whose OID bytes (pk[0..3]) reference a different XMSS parameter set with a larger sig_bytes, the implementation re-parses the OID from the public key inside xmss_sign_open / xmssmt_sign_open and uses the resulting (larger) sig_bytes to index the caller-supplied signature buffer. As with CVE-2026-44518, the out-of-bounds bytes are consumed only as input to an internal hash computation and are not returned to the caller, so no oracle exists to leak their contents to an attacker. The primary observable effect is a possible crash (denial of service) of the verifying process if the read crosses into an unmapped memory page. This vulnerability is fixed in 0.16.0.
2 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The vulnerability exists in the xmss_sign_open and xmssmt_sign_open functions. These functions receive a signature buffer sized according to the caller's declared algorithm. However, the functions re-extract the OID (object identifier) from the public key bytes pk[0..3] and use that OID to look up a potentially different sig_bytes value. If the OID in the public key references an XMSS parameter set with larger sig_bytes than the one the caller intended, the code attempts to read beyond the supplied signature buffer. The out-of-bounds bytes are consumed only as input to internal hash computations (HASH_UPDATE operations) and are never returned, leaked, or used for control flow decisions. The impact is limited to denial of service through potential page fault exceptions when the read crosses into unmapped memory.
Business impact
Applications and services using liboqs for signature verification could experience availability disruption if an attacker provides crafted public keys that trigger out-of-bounds reads crossing page boundaries. This is particularly relevant for systems using post-quantum cryptography in production or pilots, including those integrating liboqs for hybrid classical-post-quantum signing schemes. The denial-of-service risk is real but containable: only verification operations with mismatched key metadata can trigger the condition, and the crash is deterministic based on memory layout rather than probabilistic.
Affected systems
Any deployment of liboqs prior to version 0.16.0 using XMSS or XMSS^MT signature verification is affected. This includes applications embedding liboqs directly, as well as systems that depend on projects that bundle liboqs. The OpenQuantumSafe project and its liboqs library are the direct affected vendor/product.
Exploitability
Exploitability is straightforward for attackers with the ability to influence the public key supplied to a verification function. No authentication, special privileges, or user interaction is required; the attack is network-accessible and works over the network if the verifying service processes untrusted keys. However, weaponization is limited to denial of service; there is no information disclosure or signature forgery. An attacker cannot bypass authentication or forge valid signatures.
Remediation
Upgrade liboqs to version 0.16.0 or later. This patch corrects the OID re-parsing logic to ensure that signature buffer bounds are checked against the caller's declared algorithm rather than blindly re-interpreting the public key. Organizations should verify their liboqs version in production and staging environments, then apply the update through their standard package management or build processes.
Patch guidance
Update liboqs to 0.16.0 or later. Verify the version of liboqs in your build artifacts and runtime environment using the library's version APIs or package managers. If liboqs is vendored as a dependency within another project, check that the parent project has also updated to a version that includes the fixed liboqs. Test verification operations with both correctly-matched and intentionally mismatched key-metadata pairs to confirm the patch prevents the out-of-bounds access.
Detection guidance
Monitor application and service logs for segmentation faults, access violations, or crashes occurring during signature verification operations. In containerized environments, watch for OOMKilled or SIGSEGV events. If you maintain liboqs version metadata in your software inventory, query for instances prior to 0.16.0. Code review or static analysis can identify calls to xmss_sign_open or xmssmt_sign_open with insufficient validation of public key metadata before the call.
Why prioritize this
Although the CVSS score is MEDIUM (5.3), prioritize patching based on your reliance on XMSS/XMSS^MT verification. If your organization is piloting or deploying post-quantum cryptography, this is a direct blocker. The attack surface is network-accessible and requires no authentication, but impact is limited to availability. Patch within 30 days for systems in production; expedite if XMSS/XMSS^MT verification is customer-facing or part of a critical pipeline.
Risk score, explained
The CVSS v3.1 score of 5.3 MEDIUM reflects: network accessibility (AV:N), low attack complexity (AC:L), no privilege requirement (PR:N), and no user interaction needed (UI:N). However, the impact is limited to availability (A:L) with no confidentiality or integrity compromise (C:N, I:N), yielding a moderate score. The score does not account for the specificity of triggering the condition (requires crafted public keys with mismatched OID metadata) or the containment of impact to denial of service.
Frequently asked questions
Can an attacker forge a valid signature using this vulnerability?
No. The out-of-bounds read is consumed only as input to internal hash computations and does not affect signature verification logic or validation outcomes. An attacker cannot bypass signature validation or forge a signature.
Is there any information disclosure, such as memory content leakage?
No. The out-of-bounds bytes are read and passed to internal hash functions but are never returned to the caller or observable through any side-channel. There is no oracle to leak memory contents.
Do I need to rotate existing signatures or keys?
No. The vulnerability affects the verification function and does not compromise key material or the integrity of previously-issued signatures. Existing keys and signatures remain valid after patching.
What is the difference between this CVE and CVE-2026-44518?
This vulnerability (CVE-2026-46344) follows the same pattern as CVE-2026-44518: an out-of-bounds read in XMSS verification due to OID re-parsing. Both are fixed in liboqs 0.16.0. Refer to the advisory for the specific details of CVE-2026-44518 to understand the broader context of OID-parsing issues in the library.
This analysis is based on the CVE record and vendor advisory as of the publication date. Specific patch version numbers, configuration details, and deployment-specific impact should be verified against the official OpenQuantumSafe liboqs release notes and security announcements. Organizations should test patches in non-production environments before deployment. This document is for informational purposes and does not constitute security advice specific to your systems. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-44518MEDIUMOut-of-Bounds Read in liboqs XMSS Signature Verification
- CVE-2025-70101MEDIUMlwext4 1.0.0 Out-of-Bounds Read Denial of Service
- CVE-2026-10305MEDIUMOut-of-Bounds Read in Samsung rlottie Animation Library
- CVE-2026-10979MEDIUMChrome ANGLE Out-of-Bounds Read Memory Disclosure Vulnerability
- CVE-2026-10985MEDIUMOut-of-Bounds Read in Google Chrome Skia – Data Leakage Vulnerability
- CVE-2026-10998MEDIUMChrome Media Out-of-Bounds Memory Read Vulnerability
- CVE-2026-10999MEDIUMGoogle Chrome ANGLE Integer Overflow Information Disclosure
- CVE-2026-11004MEDIUMChrome ANGLE Out-of-Bounds Read Memory Disclosure